Worst passwords in the world

LazyLion

King of de Jungle
Joined
Mar 17, 2005
Messages
103,957
Making complex passwords is really, really easy.....

Take all the initials of all the members of your family.....

George
Trudy
Jake
Sally
Fred

Then add your pets

Spot
Bobbin

So now you have...

gtjsfsb

Capitalise the parents and the animals...

GTjsfSB

Add the number of people and pets staying at your location (number of your house)....

GTjsfSB(7@34)

Then add the name of your street.... (e.g. LaCoste Road - LR)

GTjsfSB(7@34)LR

Then add the year that you moved into that house....

GTjsfSB(7@34)LR-1995

Then add the postal code for your area....

GTjsfSB(7@34)LR-1995/2043

Voila, you have a password that is easy to remember but will take ages to crack....

"It would take a desktop PC about 285 nonillion years to crack your password"
https://howsecureismypassword.net/
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733

Easier solution, make up a sentence that's easy to remember

i.e.: SpotWasFredsDogBobbinWasSallysDog

3 duodecillion years to crack that

BTW thanks for your password and address.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,377
LazyLion said:
> Making complex passwords is really, really easy.....
>
> Take all the initials of all the members of your family.....
>
> George
> Trudy
> Jake
> Sally
> Fred
>
> Then add your pets
>
> Spot
> Bobbin
>
> So now you have...
>
> gtjsfsb
>
> Capitalise the parents and the animals...
>
> GTjsfSB
>
> Add the number of people and pets staying at your location (number of your house)....
>
> GTjsfSB(7@34)
>
> Then add the name of your street.... (e.g. LaCoste Road - LR)
>
> GTjsfSB(7@34)LR
>
> Then add the year that you moved into that house....
>
> GTjsfSB(7@34)LR-1995
>
> Then add the postal code for your area....
>
> GTjsfSB(7@34)LR-1995/2043
>
> Voila, you have a password that is easy to remember but will take ages to crack....
>
> "It would take a desktop PC about 285 nonillion years to crack your password"
> https://howsecureismypassword.net/

Liar, I tried to login using the password above, it failed ;)
 

Scooby_Doo

Executive Member
Joined
Sep 4, 2005
Messages
7,820
Better still, make up a formula and use said formula on each website or location that you need a password.

This will ensure that the password is unique in its application as well.
 

atomcrusher

Expert Member
Joined
Jun 27, 2006
Messages
4,208
I wonder what PW JuJu Malema uses? Probably 12345 .... no, wait, maybe not. Can he count that high?
 

Ancalagon

Honorary Master
Joined
Feb 23, 2010
Messages
18,003
Something that I've never understood is why passwords require numbers.

That is to say, a password cracker will be unaware that my password includes numbers. So, it cannot assume that my password contains letters only, and must also check possibilities that include numbers, even if my password contains no numbers. The only way to be sure that my password includes no numbers is to crack it!

Yes, if you are doing a brute force attack, then it matters, but then it only does because the password is shorter without a number (in most cases). If you simply substitute a letter for a number, then it makes no difference to a brute force password cracker.

If the password cracker is using a dictionary attack (i.e. a pre-generated list of common passwords), then that dictionary attack will usually include common variants of your password. So, it will have password1 as well as password, etc. etc. So your password gets cracked anyway.

I think the two best guides for password security are 1) using longer passwords, 2) avoiding common dictionary words or phrases.
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733
You just made it longer... not more complex.

A password doesn't have to be complex to be secure; a long passphrase is easier to remember than a shorter complex password and is probably more secure than a complex password, as the chances of the user writing it down are decreased, as it's easy to remember for one.
 

Vis1/0N

Expert Member
Joined
Mar 10, 2009
Messages
2,177
Facebook, Google, Yahoo, Twitter and LinkedIn... mostly throwaway sites and I don't use strong passwords as I save those for the places that matter. Otherwise it will promote a weakness if those sites (Fb,Y!,#) get compromised.
 

Allin

Expert Member
Joined
Oct 6, 2010
Messages
1,311
Awesome! My Qwerty123456 is rated as very strong! 96% nogal - never scored as high in any test ever before!

And it is easy to remember!
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,377
Ancalagon said:
> Something that I've never understood is why passwords require numbers.
>
> That is to say, a password cracker will be unaware that my password includes numbers. So, it cannot assume that my password contains letters only, and must also check possibilities that include numbers, even if my password contains no numbers. The only way to be sure that my password includes no numbers is to crack it!
>
> Yes, if you are doing a brute force attack, then it matters, but then it only does because the password is shorter without a number (in most cases). If you simply substitute a letter for a number, then it makes no difference to a brute force password cracker.
>
> If the password cracker is using a dictionary attack (i.e. a pre-generated list of common passwords), then that dictionary attack will usually include common variants of your password. So, it will have password1 as well as password, etc. etc. So your password gets cracked anyway.
>
> I think the two best guides for password security are 1) using longer passwords, 2) avoiding common dictionary words or phrases.

The alphabet has 26 characters
Add 10 numbers to that (0 to 9)
Add special characters, and you have a password with enough length that is essentially unbreakable by brute force (takes too long)

By adding the 10 numbers you are adding 10 new characters that need to be tested for, keeping in mind that each single character added increases the time taken to crack exponentially and not linearly.
 

Ancalagon

Honorary Master
Joined
Feb 23, 2010
Messages
18,003
Hamish McPanji said:
> The alphabet has 26 characters
> Add 10 numbers to that (0 to 9)
> Add special characters, and you have a password with enough length that is essentially unbreakable by brute force (takes too long)
>
> By adding the 10 numbers you are adding 10 new characters that need to be tested for, keeping in mind that each single character added increases the time taken to crack exponentially and not linearly.

You're not getting me though. How does the password cracking algorithm KNOW that I am NOT using numbers? It must assume that I am, in order to crack my passwords.

Yes I know about the exponential increase in password cracking times.

Let's look at the following two passwords: passwordI and password1
Both contain letters, while only the second also contains numbers. My point is, if I am writing a password cracking algorithm, my algorithm must also try numbers, since it does not yet know if the password includes letters only or letters and numbers.
 

TehStranger

Executive Member
Joined
Nov 19, 2012
Messages
6,083
It would take a desktop PC about 141 quadrillion nonagintillion years to crack your password crew checking in.

Come at me brohackers.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,377
Ancalagon said:
> You're not getting me though. How does the password cracking algorithm KNOW that I am NOT using numbers? It must assume that I am, in order to crack my passwords.
>
> Yes I know about the exponential increase in password cracking times.
>
> Let's look at the following two passwords: passwordI and password1
> Both contain letters, while only the second also contains numbers. My point is, if I am writing a password cracking algorithm, my algorithm must also try numbers, since it does not yet know if the password includes letters only or letters and numbers.

Typically, especially when cracking (assume offline and cracking for multiple passwords), you will use dictionary + variants, and brute force

For brute force, you will do one set which is just numbers
Another with just common letters / all letters
Another with all letters + numbers
And finally all letters + numbers + symbols

If you use your birth date as password, you will get cracked quickly
If you use letters, it will take longer
If you use a combination, it will take even longer

In the days of Windows NT, it was wonderful, as if the password length was less than 8 characters it was bloody easy to crack on my '486

Linux /etc/passwd files were not so tough either, but as you mentioned password length is a huge factor. But by running 3-4 brute forces running at the same time on different servers with restricted character sets, the lack of numbers/symbols made a substantial difference in cracking time
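
An added example, not part of any post in this thread: it puts numbers on the staged character-set search described in the post above and on the dictionary-variant point raised earlier, for the thread's own `passwordI` / `password1` pair. The stage order, the rule that each stage is exhausted before the next begins, and the three-word blocklist are assumptions made for illustration.

```python
import string

# Stages in the order the post lists them. Assumption: each stage is run to
# completion for every length up to the password's length before the next.
LETTERS = string.ascii_letters
STAGES = [
    ("digits only", string.digits),
    ("lowercase letters", string.ascii_lowercase),
    ("all letters", LETTERS),
    ("letters + digits", LETTERS + string.digits),
    ("letters + digits + symbols", LETTERS + string.digits + string.punctuation),
]

# Constructed mini blocklist standing in for a real common-password list.
COMMON = {"password", "qwerty", "letmein"}


def stage_size(alphabet, max_len):
    """Candidates of length 1..max_len over the given alphabet."""
    return sum(len(alphabet) ** k for k in range(1, max_len + 1))


def first_covering_stage(password):
    """Index of the first stage whose alphabet contains every character."""
    for i, (_, alphabet) in enumerate(STAGES):
        if set(password) <= set(alphabet):
            return i
    return None  # e.g. spaces or non-ASCII: outside all five stages


def worst_case_guesses(password):
    """Guesses needed to exhaust every stage up to and including the covering one."""
    idx = first_covering_stage(password)
    if idx is None:
        return None
    return sum(stage_size(a, len(password)) for _, a in STAGES[: idx + 1])


def is_common_variant(password, words=COMMON):
    """True for a blocklisted word plus trailing digits/symbols or one extra character."""
    p = password.lower().rstrip(string.digits + string.punctuation)
    return p in words or p[:-1] in words


if __name__ == "__main__":
    for pw in ("passwordI", "password1", "Qwerty123456", "SpotWasFredsDogBobbinWasSallysDog"):
        print(pw, first_covering_stage(pw), worst_case_guesses(pw), is_common_variant(pw))
```

Under these assumptions `password1` sits one stage later than `passwordI` and costs nearly six times as many worst-case guesses, yet both are flagged by the blocklist check, so a password-policy check should test for common-word variants before giving any credit for character classes.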
 